1 : /* SPDX-License-Identifier: GPL-2.0+ */
2 : /*
3 : * manage device node user ACL
4 : */
5 :
6 : #include <errno.h>
7 : #include <stdio.h>
8 : #include <stdlib.h>
9 : #include <sys/stat.h>
10 :
11 : #include "sd-login.h"
12 :
13 : #include "device-util.h"
14 : #include "login-util.h"
15 : #include "logind-acl.h"
16 : #include "log.h"
17 : #include "udev-builtin.h"
18 :
/*
 * udev builtin "uaccess": give the user who owns the active session on the
 * device's seat access to the device node through an ACL.
 *
 * The seat comes from the ID_SEAT property and defaults to "seat0" when the
 * property cannot be read. argc, argv and test are not used by this handler.
 *
 * Failure handling is fail-closed. Once the device node path is known, every
 * outcome other than a successful grant (no active session on the seat, seat
 * lookup error, failed grant) ends in the reset call at the bottom, so an ACL
 * left over from an earlier session does not stay on the node. The one
 * exception is the early return taken when logind is not running: ACLs are
 * left exactly as they are in that case.
 *
 * Returns 0 on success, when logind is not running, or when the seat has no
 * active session and the reset succeeded; otherwise a negative error value.
 * The first error wins: a reset failure is reported only when nothing failed
 * before it.
 */
static int builtin_uaccess(sd_device *dev, int argc, char *argv[], bool test) {
        const char *devnode = NULL, *seat;
        uid_t active_uid;
        int r, reset_r;

        umask(0022);

        /* Leave ACLs alone on systems that are not running systemd's logind. */
        if (!logind_running())
                return 0;

        r = sd_device_get_devname(dev, &devnode);
        if (r < 0) {
                log_device_error_errno(dev, r, "Failed to get device name: %m");
                goto reset_acl;
        }

        if (sd_device_get_property_value(dev, "ID_SEAT", &seat) < 0)
                seat = "seat0";

        r = sd_seat_get_active(seat, NULL, &active_uid);
        if (r == -ENXIO || r == -ENODATA) {
                /* No active session on this seat: not an error, but nobody may keep access. */
                r = 0;
                goto reset_acl;
        }
        if (r < 0) {
                log_device_error_errno(dev, r, "Failed to determine active user on seat %s: %m", seat);
                goto reset_acl;
        }

        /* NOTE(review): argument order presumably (path, flush, del, old_uid, add, new_uid)
         * per logind-acl.h; confirm against the header. */
        r = devnode_acl(devnode, true, false, 0, true, active_uid);
        if (r >= 0)
                return 0;

        /* A node that vanished in the meantime (-ENOENT) is only worth a debug message. */
        log_device_full(dev, r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL: %m");

reset_acl:
        /* Without a device node path there is nothing to reset. */
        if (!devnode)
                return r;

        /* Better be safe than sorry: same call as the grant, but with add == false and uid 0. */
        reset_r = devnode_acl(devnode, true, false, 0, false, 0);
        if (reset_r >= 0)
                return r;

        /* Same message text as the grant failure above, so the two cases look alike in the log. */
        log_device_full(dev, reset_r == -ENOENT ? LOG_DEBUG : LOG_ERR, reset_r, "Failed to apply ACL: %m");

        return r < 0 ? r : reset_r;
}
75 :
/*
 * Registration record for the "uaccess" builtin: the name it is registered
 * under, the handler that applies or resets the device node ACL, and the
 * one-line help text. Fields not named here are zero-initialized.
 */
const UdevBuiltin udev_builtin_uaccess = {
        .name = "uaccess",
        .cmd  = builtin_uaccess,
        .help = "Manage device node user ACL",
};